Systems and methods for assessing fraud risk

ABSTRACT

In some embodiments, a non-transitory computer-implemented method of assessing a fraud risk is provided. The method can include: receiving data associated with a plurality of customer complaints, wherein data associated with each of the customer complaints at least suggests that a money-transfer transaction did not complete as expected, and wherein data associated with each of the customer complaints is associated with one or more of a plurality of money-transfer agents; electronically storing the data related in a complaint database; and for each of the plurality of money-transfer agents, using a risk processor to: retrieve data associated with the money-transfer agent from the complaint database, and determine a fraud-risk index for the money-transfer agent based on the retrieved data.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of and claims priority to U.S.patent application Ser. No. 12/858,611, filed Aug. 18, 2010, entitled“SYSTEMS AND METHODS FOR ASSESSING FRAUD RISK,” which is incorporatedherein by reference for all purposes.

BACKGROUND OF THE INVENTION

Using a money-transfer system, money can be transferred between twopeople in two different locations. A money transfer company can have anumber of agents, each of whom establish a site for money to be sent orreceived. Thus, a customer provides money (or other value) to betransferred at a sending site to be picked up by friend, colleague, orfamily at a receiving site. At this point, transaction information isentered into a record that is received at a money-transfer system hostedby the money transfer company. The record includes information thatidentifies the sending-site agent, the sender, the intended recipient,and the amount of money being transferred, among other things. Theintended recipient then presents himself to a machine or representativeat a receive site of a service provider or representative to obtain thetransferred money or other value. A representative or machine at thereceive site can verify and record the identity of the receiver andgives the receiver the value.

Money-transfer systems can involve many agents who may defraud thecompany or its customers. First, most money transfers involvetransactions occurring at multiple locations hosted by different agents.Thus, an agent in charge of either the sending or receiving site may beinvolved in fraud. Further, each site involves a number ofrepresentatives who may also be involved in fraud. For example, variousemployees may receive money from customers, look up transactionsidentified by customers, and/or pay transferred money to customers. Ifan agent engages in fraudulent activity, either the customers or amoney-transfer company may lose money. Therefore, it is advantageous toassess risk that an agent is or has engaged in fraudulent activity.

BRIEF SUMMARY

In some embodiments, a computer-implemented method of assessing a fraudrisk is provided. The method can include: receiving data associated witha plurality of customer complaints. The data associated with each of thecustomer complaints can suggest that a money-transfer transaction didnot complete as expected. And the data associated with each of thecustomer complaints can be associated with one or more of a plurality ofmoney-transfer agents. The data related can be stored in a complaintdatabase. A risk processor can be used to retrieve data associated withthe money-transfer agent from the complaint database, and/or determine afraud-risk index for the money-transfer agent based on the retrieveddata.

The fraud-risk index may depend on any combination of the following: howmany customer complaints are associated with the money-transfer agent, alength of time that the money-transfer agent has been associated withthe company, money-transfer transactions not associated with anycustomer complaints with information suggesting that the transactionsdid not complete as expected, a time interval of the money-transfertransactions associated with the money-transfer agent, an amount of themoney-transfer transactions associated with the money-transfer agent,and/or a transaction initiated after one or more of the money-transfertransactions associated with the money-transfer agent is paid. Themoney-transfer agent may include an employee associated with amoney-transfer service company and/or a location of a money-transferservice company. The method may further include predicting that one ormore of the plurality of money-transfer agents engaged in fraudulentactivity based on the determined fraud-risk index associated with theone or more money-transfer agents. The method may further include usingthe risk processor to repeatedly re-determine the fraud-risk index forat least one of the plurality of money-transfer agents. In someembodiments, each re-determination is based on data associated with adifferent set of customer complaints. The method may further includeassociating data associated with each of the plurality of customercomplaints with the one or more of a plurality of money-transfer agents.

In some embodiments, a computer system for assessing a fraud risk isprovided. The system can include: a complaint-receiving componentconfigured to receive data associated with a plurality of customercomplaints, a data-storing component, and a risk processor. The dataassociated with each of the customer complaints at least suggests that amoney-transfer transaction did not complete as expected. The dataassociated with each of the customer complaints can be associated withone or more of a plurality of money-transfer agents. The data-storingcomponent can be configured to electronically store the data in acomplaint database. And the risk processor can be configured to, foreach of the plurality of money-transfer agents: retrieve data associatedwith the money-transfer agent from the complaint database, and/ordetermine a fraud-risk index for the money-transfer agent based on theretrieved data. The complaint-receiving component may include one ormore of: a computer mouse, a computer keyboard, a microphone, and anetwork connection. The data-storing component may include a computerprocessor. The risk processor may include a computer processor. Theoutput component may include a display.

The system may further include a processor configured to associate dataassociated with each of the plurality of customer complaints with theone or more of a plurality of money-transfer agents. The system mayfurther include an output component configured to output one or moredetermined fraud-risk indices. The fraud-risk index may depend on howmany customer complaints are associated with the money-transfer agent, alength of time that the money-transfer agent has been associated withthe company, money-transfer transactions not associated with anycustomer complaints suggesting that the money-transfer transactions didnot complete as expected, a time interval of the money-transfertransactions associated with the money-transfer agent, an amount of themoney-transfer transactions associated with the money-transfer agent,and/or a transaction initiated after one or more of the money-transfertransactions associated with the money-transfer agent is paid.

The money-transfer agent may include a an employee of a money-transferservice company and/or a location of a money-transfer service company.The risk processor may be further configured to predict that one or moreof the plurality of money-transfer agents engaged in fraudulent activitybased on the determined fraud-risk index associated with the one or moremoney-transfer agents. The risk processor may be further configured torepeatedly re-determining the fraud-risk index for at least one of theplurality of money-transfer agents, wherein each re-determination isbased on data associated with a different set of customer complaints.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block diagram of a money transfer system that can be usedby various embodiments of the invention.

FIG. 2 shows a system for assessing a risk of fraud according to someembodiments of the invention.

FIG. 3 shows an example of a situation suggesting that a fraudulentactivity occurred according to some embodiments of the invention.

FIG. 4 shows a process for assessing a risk of fraud according to someembodiments of the invention.

FIG. 5 shows examples of transaction information according to someembodiments of the invention.

FIG. 6 shows examples of agent-specific summary statistics according tosome embodiments of the invention.

DETAILED DESCRIPTION OF THE INVENTION Introduction

In a money-transfer system, a number of suspicious occurrences maysuggest that one or more involved parties were engaged in a fraudulentactivity. For example, a customer may call to complain that the moneyintended to be transferred to him was apparently already disbursed toanother individual or that he was told that there was no record of thetransfer. Because money-transfer systems can involve a number of agentsassisting in a high volume of money transfers, it can be difficult toassess which, if any, of these agents are involved in fraudulentactivities. Further, the customers themselves may be involved, making iteven more difficult to associate suspicious activity with any particularagents. To aid in solving this problem a fraud index can be calculatedfor agents that can be used to assess whether or not an agent is likelyinvolved in fraudulent activity.

Assessing a fraud-risk involves a number of challenges, including thefollowing. First, a mechanism for identifying circumstances suggestingthat fraud did, or is likely to, occur may need to be established. Forexample, a customer-complaint system may be established. Not only isthis venture costly, but it is likely that the system can be eitherunder-inclusive or over-inclusive. Some customers may not reportproblems that were likely caused by fraud (either because they wereunaware of the fraud risk or the problem itself). Other customers mightreport activities unrelated to fraud or falsify their claims.

Second, the situation (e.g., outlined in a complaint call) may need tobe evaluated. This evaluation may allow the company to distinguishbetween complaints unrelated to potentially fraudulent activity fromothers and may suggest that a serious (very costly) fraudulent activityoccurred. However, this evaluation may be difficult when a large numberof fact-specific complaints are received.

Third, the company may then be able to associate the transactions fromthe customer complaints with company agents. In some instances,transaction information may indicate a number of agents involved, but inother circumstances, the information may be less complete. For example,perhaps a customer complained because a representative claimed that atransaction was initiated and took her money, but there was no record ofthe transaction. While the customer may be able to provide the locationsite she visited, she may be unable to identify the particularrepresentative with whom she interacted. Additionally, even if atransaction was properly initiated, it may be difficult to identify allagents involved in the transaction. For example, a representative mayoverhear sufficient details about a transaction to then engage infraudulent activity or he may use a computer system to obtaintransaction information used for fraudulent activity.

Fourth, the company may identify an actual fraud risk associated withthe reported events. In some instances, a reported event may be a resultof a customer misunderstanding or of a customer's attempted fraudulentactivity. Even if it were possible to not consider these reports, itwould still be important to identify which agents were most likely to beinvolved in fraudulent activity, and how large of a risk of fraud thatagent presented to the company. Because the circumstances underlyingmany potentially fraudulent activity are highly variable, it may bedifficult to generate statistics across multiple events and/or tocompare fraud risk across agents.

Other challenges may exist. Despite these challenges the embodimentsdisclosed herein provide systems and methods to assess a risk that anagent associated with a money transfer company is engaged in fraudulentactivity. As used herein, a “money transfer company” or “company” is anentity that performs a financial service or transaction, such as a moneytransfer or the transfer of other value. (While the disclosure hereinmay refer to “money” transfers, embodiments also relate to transfers ofother value.) An example of such a company is an entity, such as WesternUnion of Englewood, Colo., which provides a variety of such valuetransfer services. A service provider can be a “money servicesbusiness”. The company may act as an issuer, seller and/or redeemer ofmoney orders; an issuer, seller and/or redeemer of traveler's checks; amoney transmitter, a check casher; a currency exchanger; a currencydealer; and an issuer, seller and/or redeemer of stored value.

Money-transfer systems can involve many agents fulfilling various rolesin the company. In some instances, an agent includes a site or entityassociated with a money-transfer company. For example, an agent mayinclude a specific money-transfer location.

In some instances, an agent includes a person directly or indirectlyassociated with the company. For example, as shown in FIG. 1, a numberof agents 110 may be associated with a single money-transfer-servicecompany 105. Each agent 110 may establish a location or site wherecustomers may send or receive money. The agent 110 associated with eachsite may be, for example, an owner, a supervisor, or a manager of thesite. In some embodiments, the agents' sites are individually owned andoperated. In some embodiments, the money-transfer-service company ownsand/or operates each site. At each site, one or more representatives 115may be involved in money-transfer transactions. For example, arepresentative 115 may be employed by an owner of the site to interactwith customers. Throughout this application, an “agent” may include aparty associated with a particular site of the company (e.g., agent 110)and/or a representative 115. As noted above, in some embodiments, theanalysis is extended to generally assess a fraud risk associated with aparticular location. Thus, even if the agent 110 overseeing the locationis not personally involved in fraudulent activity, the location mayitself be identified as likely to be involved in fraudulent activities.

Due to the high number of agents and locations involved inmoney-transfer systems, it may be difficult to detect agents involved infraud. Some embodiments disclosed relate to an automated orsemi-automated determination that an agent was or was likely involved ina fraudulent activity. In some embodiments, a fraud-risk index can becalculated for each of one or more agents, which may relate to aprobability that the agent was engaged in fraudulent activity. In someinstances, the indices can be related to individual employees (e.g.,interacting with customers involved in transactions). In some instances,the indices can relate to a company location (e.g., an office, aterminal or kiosk), which may have automated machines and/or employeesto interact with customers involved in transactions. In some instances,the company location can be operated or supervised by a person oranother company who may or may not be employed by the company operatingthe money-transfer system. In some embodiments, a company or personassessing fraud risk may be different from the company operating themoney-transfer system.

Money-Transfer Systems

Examples of money-transfer systems include those generally described inU.S. Patent Application Publication Nos. 2004/0215558 (Ser. No.10/658,844); 2004/0215574 (Ser. No. 10/424,558); and 2003/0167237 (Ser.No. 10/091,000), each of which is incorporated herein by reference inits entirety for all purposes.

FIG. 2 shows one embodiment of a risk-evaluation system 200 according tosome embodiments of the invention. Risk-evaluation system 200 maycomprise a risk-processing system 202 associated with a money-transfersystem 201. Money-transfer system 201 may include atransaction-processing system 203 which comprises a transaction computer204 coupled to a transaction database 205. Transaction computer 204 mayinclude, for example, server computers, personal computers,workstations, web servers, and/or other suitable computing devices.Transaction database 205 may store transfer records comprisingtransaction information, each record relating to a single transaction.

Transaction-processing system 203 may include application software thatprograms transaction computer 204 to perform wire transfers. Transactiondatabase 205 may be a storage device that includes solid-state memory,such as RAM, ROM, PROM, and the like, magnetic memory, such as discdrives, tape storage, and the like, and/or optical memory, such as DVD.Transaction-processing system 203 may be fully located within a singlefacility or may be distributed geographically, in which case a networkmay be used to integrate transaction-processing system 203. Many otherexamples are possible and apparent to those skilled in the art in lightof this disclosure. Transaction computer 204 may include the hardwareand software necessary to monitor, authorize, and process moneytransfers between two individuals.

For example, transaction computer 204 may be coupled to a network 209.Network 209 may be the Internet, an intranet, a wide area network (WAN),a local-area network (LAN), a virtual private network, any combinationof the foregoing, or the like. Network 209 may include both wired andwireless connections, including optical links. In some embodiments,network 209 may be a transaction-processing network. Through network209, transaction devices 208 may communicate with transaction-processingsystem 203, e.g., to relay or verify transaction information stored intransaction database 205. Transaction computer 204 may process datareceived and transmitted via transaction network 209. Informationprocessed by transaction computer 204 may conveniently be stored intransaction database 205.

Money-transfer system 201 may include one or more transaction devices208. For example, point-of-sale (POS) devices 208 a may be located atcompany locations offering financial-transaction services. Examples ofsuitable POS devices are more fully described in U.S. Pat. No.6,015,087, which is incorporated herein by reference in its entirety.Essentially, POS devices are terminals for receiving transactioninformation; e.g. money transfer information, and sending theinformation to the transaction-processing system 203. POS devices mayinclude an input device such that a user can input data into thecomputer. The input device may include, for example, a computer mouse, acomputer keyboard, or a microphone. The input device may also include acomponent configured to receive electronic data. For example, the inputdevice may include a network connection, a disk drive, or a USB drive.Terminal identification information can be associated with each POSdevice 208 a. Such identification information includes, but is notlimited to, a physical location, a telephone number, a representativeidentification number, a terminal identification number, a securityalert status, an indication of the type of terminal, a serial number ofa CPU, an IP address, the name of a an agent, and the like.

Money-transfer system 201 also may include one or more computing devices208 b programmed to receive financial transaction information fromindividuals (e.g., customers). Like the POS devices 208 a, computingdevices 208 b may be located at company locations.

Money-transfer system 201 also may include one or more consumer servicerepresentative (CSR) computers 208 c located at company locations. TheCSR computers 208 c may be located, for example, at a call centeroperated by the company. The CSR computers 208 c function and includecomponents (e.g., input devices) much like the POS devices 208 a and thecomputing devices 208 b, except that transaction information is enteredby a CSR who is receiving the information from a consumer by phone orover email, for example.

Money-transfer system 201 may also include one or more receiving sites208 d from which consumers may receive funds. The receive sites 208 dmay be locations equipped with a POS device 208 a or computing device208 b. The receive sites 208 d also may be automated teller machines,kiosks, merchant store fronts, bank accounts, or the like.

Risk-Processing System

Risk-evaluation system 200 may include a risk-processing system 202 todetermine a risk that an agent was involved in a fraudulent activity.Risk-processing system 202 may include risk processor 206 and afraud-risk database 207. Risk processor 206 may be anymicroprocessor-based device capable of retrieving transactioninformation relating to money transfers conducted by a particular agent.In one embodiment, risk processor 206 is configured to receive datarelated to customer complaints and/or customer-complaint reports.

Thus, risk-processing system 202 may include and/or risk processor 206may be coupled to one or more reporting devices 211. The risk processor206 may be coupled to report devices 211, for example, through network213. Network 213 may be the Internet, an intranet, a wide area network(WAN), a local area network (LAN), a virtual private network, anycombination of the foregoing, or the like. Network 213 may include bothwired and wireless connections, including optical links. In someembodiments, network 213 may comprise a transaction-processing network.Through network 213, reporting devices 211 may communicate with riskprocessor 206, e.g., to receive customer-complaint information. Riskprocessor 206 may process customer complaints and store data from thecomplaints in fraud-risk database 207.

A reporting device 211 may include a POS device 211 a located at companylocations, such as a POS device described above with respect to POSdevice 208 a. The POS devices 211 a may be configured to receivecustomer-complaint information and/or transaction information (which mayprovide details relevant to the customer complaint).

A reporting device 211 may include a computing device 211 b programmedto receive customer-complaint information from individuals (e.g.,customers). The computing devices 208 b may be located at companylocations.

A reporting device may include, for example, one or more consumerservice representative computers 211 c. Report information may beentered by a CSR who is receiving the information from a consumer byphone or over email, for example.

A reporting device may include a consumer computer 211 e. For example,risk processor 206 may be connected over the Internet to a consumer'shome computer. The risk-processing system may include a server that mayhost a website that is configured to receive consumer complaints (e.g.,by providing the consumer with a complaint form and accepting thecompleted forms).

In some embodiments, risk processor 206 is configured to accesstransaction database 205 and obtain transaction information storedtherein. In these cases, risk-processing system 202 may be associatedwith money-transfer system 201 in any manner that allows for access totransaction database 205. Such association can be provided by directwired communication between transaction database 205 and risk processor206, by direct or network communication between money-transfer system201 and risk processor 206, or by any other mechanism that provides riskprocessing system 202 with access to transaction database 205. In oneparticular embodiment, risk processor 206 is communicably coupled totransaction network 209 and accesses transaction database 205 viatransaction computer 204. In another embodiment, risk processor 206 isdirectly coupled to transaction computer 204 and accesses transactiondatabase 205 via transaction computer 204. It will be recognized by oneof ordinary skill in the art that a number of other mechanisms existwithin the scope of the present invention for providing access by riskprocessor 206 to transaction database 205.

Risk processor 206 may be configured to process transaction informationretrieved from database 205 and/or from a reporting device 211 and storethe processed information in fraud-risk database 207. In some instances,transaction information and/or complaint information is stored infraud-risk database 207 without any processing of the information byrisk processor 206 (e.g., risk processor 206 merely relays theinformation). Risk processor 206 may be configured to access informationfrom one or both databases 205 and 207 and to process the information(e.g., by calculating a risk index associated with an agent, formattingthe accessed information, formatting information received by a reportingdevice 211, or providing a risk index to a user).

In some embodiments, risk processor 206 may be a single computer, suchas a personal computer or a database server. In other embodiments, riskprocessor 206 may be a group of two or more computers. In suchembodiments, risk processor 206 may include a central computerassociated with one or more peripheral computers. Such peripheralcomputers may be personal computers or portable devices, such as lap topcomputers and/or personal digital assistants.

Risk processor 206 may include a computer-readable medium capable ofmaintaining instructions executable to perform the functions associatedwith risk processor 206. For example, as more fully described below, thecomputer-readable medium may comprise software that allows riskprocessor 206 to access the information stored in fraud-risk database207 and/or transaction database 205 and calculate a fraud-risk index.

The computer-readable medium can be any device or system capable ofmaintaining data in a form accessible to risk processor 206. Forexample, the computer-readable medium can be contained in a hard-diskdrive either integral to risk processor 206 or external thereto.Alternatively, the computer-readable medium can be contained in a floppydisk or a CD-ROM apart from risk processor 206 and accessible byinserting into a drive (not shown) of risk processor 206. In yet otheralternatives, the computer-readable medium can be contained in RAMintegral to risk processor 206 and/or a microprocessor (not shown)within risk processor 206. One of ordinary skill in the art willrecognize many other possibilities for implementing the computerreadable medium. For example, the computer-readable medium can be in acombination of the aforementioned alternatives, such as, a combinationof a CD-ROM, a hard disk drive and RAM.

Examples of Fraud

Risk processor 206 may be configured to determine a risk that an agentis engaging or has engaged in fraudulent activity. FIG. 3 shows oneexample of a paid-in-error situation that may suggest that an agent wasinvolved in fraudulent activity. A first individual 305 a initiates atransaction by providing a first company agent 310 a (e.g., arepresentative 115) with a payment (e.g., comprising an amount of moneyto be transferred and a transfer fee) at a first company location 315 a.First agent 310 a may then access transaction computer 204 and send itinformation about the transaction, which the transaction computer 204may store in transaction database 205. The first agent 310 a may accesstransaction computer 204 by using a point-of sale device 208 a at thefirst location 115 a. The point-of-sale device 208 a may be specificallydesigned for money-transfer transactions. The device may be operated byan agent. In another case, the information may be sent using a computingdevice at first location 115 a running application software specificallydesigned for money-transfer transactions. In yet another case, theinformation may be sent by phone when an agent contacts a consumerservice representative (CSR) of the company. The agent is able to verifythe sender's information and collect funds while the CSR enters theinformation into a transaction record.

A second individual 305 b may provide transaction-identifyinginformation to a second agent 310 b and request the money associatedwith the transaction at a second location 315 b. Second agent 310 b maylook up the transaction and request that second individual 305 b providepersonal identifying information (e.g., a driver's license or apassport) to prove that he is the intended recipient of the transaction.Second agent 310 b may look up the transaction, for example, by using apoint-of-sale device 208 a at the second location 115 a, using acomputing device at the second location 115 a running applicationsoftware designed for money-transfer transactions, or contacting a CSRof the company.

In some instances, a third individual 305 c may request the moneyassociated with the same transaction from a third agent 310 c at a thirdlocation 315 c. The third agent 310 c may access the transactioncomputer 204 (e.g., in a manner similar to one or more of thosedescribed above with respect to the second agent's transaction look-up)and determine that the transaction has already been paid. Thus, thethird individual 305 c may be denied payment or the company may decideto nevertheless pay the third individual 305 c (thereby likely losingmoney for the transaction). The third individual may then complain tothe company, e.g., using a reporting device 211, and acustomer-complaint report may be generated (e.g., by risk processor207).

When second individual 305 b is not the intended recipient butnevertheless receives the transferred money, a paid-in-error transactionerror occurred. The transaction error may result, for example, fromsecond individual 305 b providing false personal identifying informationand/or from erroneous actions of company agents. For example, firstagent 310 a may inform second individual 305 b about the details of thetransaction, such that he may collect the transferred money from secondagent 305 b at second location 315 b. As another example, third agent310 c may wrongly deny the transferred money to third individual 305 cand may then inform second individual 305 b about the details of thetransaction, such that he may collect the transferred money from secondagent 305 b. As another example, second agent 310 b may (e.g.,selectively) not require second individual 305 b to provide identifyinginformation.

In some embodiments, one or more agents are involved in receivingpayments, initiating transactions, disbursing payments, verifyingidentifying information, and/or looking up transactions (as shown inFIG. 3). In some embodiments, no agents are involved in one or more ofthese processes. For example, a transaction may be initiated and paymentmay be received from a kiosk. While FIG. 3 shows a single agent beinginvolved in various transaction steps, in some embodiments, multipleagents are involved. For example, when the first individual initiatesthe transaction and provides payment, agents involved may include: anagent who receives the payment, an agent who inputs the payment into thecomputer system, an agent who is working at the time of the transactioninitiation though not directly involved in the transaction, and/or asupervising agent. In some embodiments, one or more of the first, secondand third agents may comprise the same agent, and/or one or more of thefirst, second and third locations may comprise the same location.

Another example of fraudulent agent activity includes a circumstancewhere a person was convinced (e.g., by an agent or representativeassociated with an agent) that they would receive something of value(e.g., a credit card, a grant, an inheritance, an stock option, a loan,a lost article, recovered funds from victimization in a previous fraudscheme, a property to rent, or lottery winnings) if they transferredmoney (e.g., for a supposed annual fee, taxes, attorney fees, investmentmoney, months of loan payment, a reward, fees to defray costs, or adeposit) in advance, even though the person would later not receive theexpected thing of value. Similarly, a person may be convinced totransfer money to facilitate transporting a relative across a border,even though the recipient would not later facilitate the transportation.A person may be convinced to transfer money to assist a relative or(online) acquaintance in a perceived emergency situation (e.g., wherethe person believed he was transferring money for bail or medicalexpenses), even though the relative or acquaintance was not in theemergency situation. A person may transfer money in an attempt topurchase merchandise or an event ticket, even though such merchandise orticket would not later be provided. A person may receive a counterfeitcheck or money order (e.g., from an agent or representative associatedwith an agent) and be asked to send a money transfer for overpayment. Aperson may be convinced that he is a mystery shopper and must evaluate amoney-service transfer company by sending a transfer. A person mayreceive a counterfeit prepayment or deposit for renting a property ortime share and be asked to return the money because the initial senderasserted that his plans had changed such that he would no longer berenting the property.

Errors (e.g., the paid-in-error situation described with respect to FIG.3) may suggest that an agent was involved in a fraudulent activity.However, due to the number of agents involved, it may be difficult todetermine which agent/s were to blame.

Fraud-Risk Determination Process

Where the Information is Received

In some embodiments, transaction information associated with one or morecompany agents is analyzed to determine a fraud-risk index and topredict that specific agents associated with a money-transfertransaction are engaged in fraudulent activity. An embodiment of aprocess 400 for determining a fraud-risk index is shown in FIG. 4.Transaction information is received at 405. The transaction informationmay be received, for example, by accessing fraud-risk database 207,receiving information from a reporting device 211 (e.g., over network213), and/or by accessing transaction database 205.

The transaction information may suggest that an agent involved with atransaction was engaged in fraudulent activity. The transactioninformation may indicate that the transaction did not complete asexpected (e.g., the intended recipient was unable to receive moneytransferred or that an individual attempted to receive the transferredmoney after it was already disbursed). In some embodiments, some of thetransaction information (e.g., information associated with a first setof transactions) suggests that fraudulent activity by involved agents,and some of the transaction information (e.g., information associatedwith a second set of transactions) does not suggest fraudulent activityby involved agents.

In some embodiments, customer-complaint data comprises transactioninformation. For example, a customer may call a call center to complainabout a particular transaction, and he may provide details related tothe transaction at issue. In some embodiments, transaction informationcomprises customer-complaint data. For example, transaction informationmay include information related to a transaction, the informationprovided by a customer, as well as information obtained from a database.

In some embodiments, a report comprises customer-complaint data and/ortransaction information. The report may be initiated by a customer ormay comprise a customer complaint. In some embodiments, the report isgenerated by the customer (e.g., by completing an online form or asatisfaction survey at a company terminal). In some embodiments, thereport is generated by a company representative (e.g., a CSR) inresponse to a customer complaint (e.g., a CSR generates the report usinga computer in response to a customer complaint received over thetelephone, online or at a company location). A customer may be promptedor required (e.g., using form fields or questions asked by a companyagent) to provide specific types of transaction information, such as anyof the types described below with respect to FIG. 5. The report, datafrom the reports, and/or customer-complaint data may be stored infraud-risk database 207.

In some embodiments, the transaction information is automaticallyreceived (e.g., through network 209 and transaction-processing system203) after a transaction action has occurred. For example, transactioninformation may be sent from a transaction device 208 over network 209to transaction-processing system 203 coupled to risk processor 206. Thistransmission of information may occur, for example, after or while firstindividual 305 a initiates a money transfer, second individual 305 breceives a money transfer, third individual 305 c attempts to but failsto receive a money transfer (e.g., because the money has already beendisbursed), an agent (e.g., second agent 310 b or third agent 310 c)looks up details about the money transfer in a company system, or anindividual looks up details about the money transfer in a money-transfersystem made available to customers.

In some embodiments, some transaction information relating to a singletransaction is initially provided by a customer (and, e.g., receivedfrom a reporting device 211 or fraud-risk database 207) and sometransaction information relating to the same transaction is accessedthrough transaction database 205. For example, a customer may provide atransaction identification number, and then detailed informationpertaining to that transaction (e.g., where, when, and by whom money wassent; where and when the money was paid; which agents or locationsparticipated in the transfer; the amount of the transfer; etc.) may bereceived from transaction database 205. In some embodiments, sometransaction information relating to a single transaction is provided bya customer and some transaction information relating to the sametransaction is provided by a company computer system or by a companyrepresentative. For example, a company representative may supplement acustomer-complaint report to indicate how the company responded to thecomplaint. As another example, a computer system may supplement a reportto indicate which agents looked up the transaction in question and whenthese look-ups occurred (e.g., by looking up the information intransaction database 205).

In some instances, transaction information relating to some transactionsis provided by a customer (e.g., during a customer complaint) andtransaction information relating to other transactions is not providedby the customer. For example, a company may track both transactionsassociated with customer complaints or reports and transactions thatwere paid-in-error to a second individual rather than to the third. Thecompany may be alerted (e.g., automatically) about the paid-in-errortransactions when the third individual 305 c attempts to receive thetransferred money. The company may, for example, generate a report forany or all incidences (e.g., relating to suspicious or fraudulentactivity), even when such reports do not correspond to a customercomplaint.

Types of Information

FIG. 5 shows an example of types of transaction information that may bereceived at 405 and/or included in fraud-risk database 207. Thetransaction information may include transaction-send information. Thetransaction-send information may include a date or time when the moneywas transferred from first individual 305 a, a first location 315 a(e.g., a geographic location or a location of a particular companylocation, office, kiosk or terminal) where the transaction was initiatedor where payment was accepted from first individual 305, an agent (e.g.,a representative 115) involved in sending money (e.g., first agent 310 areceiving cash or processing a check, credit-card or money-orderpayment), or identifying information about first individual 305 asending the money (e.g., a name, customer ID number, account number, oran address). The transaction-send information may include transactioninstructions (e.g., regarding when, where, and to whom the money was tobe transferred).

The transaction information may include transaction-pay information. Thetransaction-pay information may include a date or time when thetransferred money was paid to second individual 305 b, a second location315 b (e.g., a geographic location or a location of a particular companylocation, office, kiosk or terminal) where money was disbursed to secondindividual 305 b, an agent (e.g., a representative 115) involved inpaying second individual 305 b (e.g., second agent 310 b providing thesecond individual with cash, a check or another form of payment), oridentifying information about second individual 310 b (actually orallegedly) receiving the money (e.g., a name, customer ID number,account number, or an address). The transaction information may includea send-pay duration, which may comprise a duration between a time when atransaction was initiated and/or payment from a first individual wasaccepted and a time when transferred money was paid.

The transaction information may include attempted-retrieval information.The attempted-retrieval information may include a date or time whenthird individual 305 c attempted to receive payment for the transaction,a third location 315 c (e.g., a geographic location or a location of aparticular company location, office, kiosk or terminal) where thirdindividual 305 c attempted to receive payment, an agent (e.g., arepresentative 115) involved in the attempted retrieval (e.g., thirdagent 310 c who denied the third individual from being able to receivethe transferred money), or identifying information about thirdindividual 305 c (e.g., a name, customer ID number, account number, oran address). The date/time of attempted retrieval may be before and/orafter the date/time when the transaction was paid. For example, thirdindividual 305 c may request money associated with a particulartransaction, and third agent 305 c may refuse to pay the money to thirdindividual 305 c, indicating that the transaction has not been processedyet. Second individual 305 b (who, in some instances, may be the sameperson as the third individual 305 c) may then be paid the transferredmoney at a later date/time. In some embodiments, there are more than oneattempted retrievals. Information associated with each attemptedretrieval may be included in the transaction information.

The transaction information may include subsequent matching activity,which may include a second transaction following and relating to the“first” transaction associated with the information or report. Forexample, the subsequent matching activity may include a transactioninvolving an individual 305 who was also involved in the firsttransaction. The subsequent matching activity may include a secondtransaction involving a transaction amount relating to or being the sameas a transaction amount of the first transaction. The subsequentmatching activity may include a transaction occurring within a timeinterval (e.g., 1, 5, 10, 30 or 60 minutes or 1, 2, 4, 8, 24, 48, or 84hours) of the first transaction. The subsequent matching activity mayinclude an inter-country transaction. For example, a subsequent matchingactivity may include a second transaction initiated by an individual whoreceived payment from the first transaction (e.g., initiated by secondindividual 305 b), the second transaction being initiated within 24hours from the payment of the first transaction. In some instances,transaction information merely indicates that subsequent matchingactivity has been identified. In some instances, transaction informationincludes information about the subsequent matching activity (e.g.,relating to the second transaction).

The transaction information may include resolution information. Theresolution information may indicate whether the intended recipient ofthe transaction (e.g., third individual 305 c) was compensated (e.g.,whether the full transaction amount was provided to the thirdindividual). The resolution information may indicate whether an agent(e.g., agent 310 a, 310 b or 310 c) was required to pay for compensationto the intended payee or for a penalty. For example, a companyrepresentative or system may determine that an erred transaction was dueto an agent's mistake or misconduct (e.g., failing to require that theindividual requesting the money provide identification), and thus, theagent may be required to pay the full transaction amount such that theintended recipient may be paid (“a chargeback”). The transactioninformation may indicate whether such a chargeback occurred and/or otherinformation (e.g., the amount of the chargeback or the basis ofrequiring the chargeback) associated with the chargeback.

The transaction information may include a transaction amount, which isthe amount that was or was intended to be transferred from the firstindividual to the intended recipient. The transaction information mayalso include amounts of fees.

In some embodiments, the types of transaction information receivedvaries across associated transactions. For example, third individual 305c may have attempted to receive (but been denied) transferred money fora first set of transactions, but there may not have been any such failedattempts for a second set of transactions. Thus, transaction informationassociated with the first set of transactions may include attemptedretrieval information, while transaction information associated with thesecond set of transactions may not.

Associating Information with Agents

Returning to FIG. 4, at 410, transaction information is associated withone or more company agents. A company agent may, for example, comprise arepresentative or employee (e.g., merchant) associated (directly orindirectly through an intermediate company) with the company (e.g.,115), an agent associated with a particular money-transfer site (e.g.,110) or financial institution that interacts with consumers (e.g., at aremote location in a money-transfer process) and/or a company location(e.g., associated with a company office, a company kiosk or a companyterminal), which may, for example, be configured to allow consumers toremotely partake in a money-transfer process. In one embodiment, thetransaction information is associated with first agent 310 a whointeracted with first individual 305 a during initiation of thetransaction, with second agent 310 b who interacted with secondindividual 305 b while providing second individual 305 b withtransferred money associated with the transaction, with third agent 310c who interacted with third individual 305 c during third individual'sattempt to receive the transferred money, and/or with an agent wholooked up the transaction on a company computer system. In oneembodiment, the transaction information is associated with firstlocation 315 a where first individual 305 a initiated the transaction,with second location 315 b where transferred money associated with thetransaction was provided to second individual 305 b, with third location315 c where third individual 305 c attempted to receive the transferredmoney, and/or with an agent (e.g., a supervising employee or branchowner) associated with one or more of these locations.

In one embodiment, the transaction information is associated with eachagent who was directly involved with the transaction at issue (e.g.,agents 310 a-310 c). Directly involved agents may include agents whointeracted with one or more of the involved individuals 305 a-305 c. Inone embodiment, the transaction is associated with one or more agentsindirectly involved with the transaction (e.g., an employee who wason-the-clock working for the company at the time that individual 305 a,305 b or 305 c interacted with company agent, but who was not directlyinvolved in the interaction, or an supervising agent).

Storing Information in a Database

At 415, transaction information is stored in a database (e.g.,fraud-risk database 207 and/or transaction database 205). In someembodiments, the transaction information is formatted or processed(e.g., by risk processor 207 and/or transaction computer 204) before itis stored in the database.

In some embodiments, the database comprises a plurality of entries, eachentry being associated with one transaction and/or with one report(e.g., each entry being automatically generated after a transactioninitiation, completion or unsuccessful retrieval attempt, or each entrybeing associated with one customer complaint or report), and each entrycomprising transaction information associated with that transaction.(See, e.g., FIG. 5.) Each transaction entry may be linked to the one ormore agents associated with the transaction in 410. In some embodiments,new entries are added to the database following triggering events (e.g.,a new customer complaint or a transaction initiation, completion orunsuccessful retrieval attempt). In some embodiments, new entries areadded to the database at particular time points. In some embodiments,selected entries are removed from the database. For example, entries maybe removed if they have been in the database for over a threshold amountof time or if they were entered prior to a threshold date. As anotherexample, entries associated with transactions determined to be ordetermined to likely be non-fraudulent may be removed. As anotherexample, entries associated with transactions of amounts below athreshold may be removed.

Agent-Specific Summary Statistics

In some embodiments, the database (e.g., risk-fraud database 207)includes agent-specific summary statistics. For example, the databasemay include a plurality of entries, each entry being associated with oneagent. In some embodiments, agent-specific summary statistics aredetermined based on transaction information (e.g., stored in transactiondatabase 205 and/or risk-fraud database 207). Examples of agent-specificsummary statistics are shown in FIG. 6.

In some embodiments, agent-specific summary statistics include summarystatistics about reports and/or customer-complaint data associated withthe agent. The reports or complaint data associated with the agent mayinclude all reports or complaint data (across all time or within one ormore time periods) associated with the agent or a subset of the reportsor data. For example, a subset of the reports may include only thosereports where the agent was directly interacting with a customer, wherethe agent was involved in a payout of the transaction, where a customerfiled a complaint, or where another agent was not determined to be thecause of a transaction error. As further examples, a subset of thereports may include reports associated with a particular type of error(e.g., reports corresponding to incidences where it was determined thata paid-in-error error occurred) or reports associated with a particularresolution (e.g., reports associated with an agent chargeback).

Complaint summary statistics may include a number (or count) of receivedreports, received complaints, paid-in-errors errors, chargebacks, ordetermined suspicious transactions (across all time or within one ormore time periods) associated with the agent. The report-numberstatistic may include, for example, a number of fraud-related customercomplaints received or a number of paid-in-error reports.

The complaint summary statistics may include a transaction-amountstatistic related to amounts of the transactions associated with thereceived reports, received complaints, or determined suspicioustransactions. The transaction-amount statistic may include, for example,an average, median, mode, maximum, standard deviation, or cumulative sumof the transaction amounts. The transaction-amount statistic may relateto a distribution of digits (e.g., distribution of first digits) intransaction amounts across transactions. For example, thetransaction-amount statistic may relate to a comparison (e.g., acumulative paired difference) between the proportion of leading-digitsof agent-associated transactions (either including only transactionsidentified in complaints or including a total number of transactions)equal to each individual digit and the proportions predicted by a model.The model may be based, for example, on an empirical distribution ofdigits or may be obtained by analyzing other transactions. The model maypredict an even distribution of digits across numbers. The model may bebased on Benford's law, which would predict that the probability ofobserving a leading digit is equal to log₁₀(1+1/d₁), with d₁ being equalto an integer between 1 and 9. Thus, Benford's law would predict thatthe following probability distribution with regard to a leading digit:

Leading Digit Probability 1 .3010 2 .1760 3 .1250 4 .0970 5 .0790 6.0670 7 .0580 8 .0510 9 .0460

The complaint summary statistics may include a transaction-date/timestatistic related to a date and/or time of transactions associated withthe received reports, received complaints, or determined suspicioustransactions. The transaction-date/time statistic may indicate, forexample, that most of reports were recent or that reports associatedwith the agent were being filed with increasing frequency. Thetransaction-date/time statistic may relate to the duration of timebetween the time that a transaction was initiated (and/or money was paidby first individual 305 a) and the time that a transaction was paid (tosecond individual 305 b) (a send-pay duration). Thetransaction-date/time statistic may include, for example, an average,median, mode, or minimum duration and/or a percentage ofreport-identified transactions with durations below a threshold (e.g.,1, 5, 10, 15, 30 or 60 minutes or 2, 4, 8, 24 or 48 hours).

The complaint summary statistics may include statistics related toresolution information associated with the received reports, receivedcomplaints, or determined suspicious transactions. For example, thecomplaint summary statistics may indicate a number or percentage ofreports or complaint data associated with the agent where an intendedrecipient was compensated or where the agent was responsible for payingthe compensation (e.g., creating a chargeback situation) or a fee. Thecomplaint summary statistics may include statistics related tosubsequent matching history. For example, the complaint summarystatistics may indicate a number or percentage of reports where a personor computer system determined that a second transaction was matched tothe first one (e.g., due to a small time window between thetransactions, the same or similar amount transferred in thetransactions, a common involvement of a single individual, and/or atransfer to a recipient in a different country).

In some embodiments, agent-specific summary statistics include summarystatistics about all transactions (across all time or within one or moretime periods) associated with the agent or a subset of the totaltransactions (e.g., only including reports where the agent was directlyinteracting with a customer, where the agent was involved in a payout ofthe transaction, or where another agent was not determined to be thecause of a transaction error). These statistics may, for example,parallel at least some of the complaint summary statistics. For example,the total-transaction summary statistics may include a number (or count)of transactions, a transaction-amount statistic and/ortransaction-date/time statistic, as described above, but with respect toa set of total transactions rather than, for example, agent-associatedtransactions from complaints.

In some embodiments, agent-specific summary statistics includestatistics comparing variables related to complaint-associatedtransactions to variables related to total transactions. For example,the relative statistics may include a number of transactions associatedwith an agent and identified in a report (e.g., the reports beingassociated with customer complaints, paid-in-error errors and/or agentchargebacks) divided by a number of total transactions associated withthe agent. As another example, the relative statistics may include acumulative transaction amount of transactions associated with an agentand identified in a report (e.g., the reports being associated withcustomer complaints, paid-in-error errors and/or agent chargebacks)divided by a cumulative transaction amount of total transactionsassociated with the agent.

In some embodiments, agent-specific summary statistics include behaviorstatistics. For example, the behavior statistics may include a number oftimes that the agent looked up a transaction (e.g., in transactiondatabase 205). The look-up number may be absolute across a period oftime or may include look-ups that were not accompanied by a pay-out orlook-ups associated with a transaction later at issue in a report,customer complaint, or determined-to-be or likely-to-be fraudulentincident. The behavior statistics may include a proportion of an agent'slook-ups that was accompanied by a pay-out. The behavior statistics mayinclude performance assessments, such as how frequently an agent waslate to work or absent from work or how satisfied supervisors orcustomers were with the agent's job performance.

In some instances, an agent-specific summary statistic is generatedusing a step function. For example, an agent-specific summary statistic(e.g., a percentage of total transactions identified in a complaint, aproportion of look-ups accompanied by a pay-out, a percentage ofsend-pay intervals above a threshold, or a number of incidences wherethe agent was identified as a fraud risk) may be set to zero when thestatistic is below a particular value (e.g., below 1, 5, 10, 20, 25 or50 percent or below a count of 2, 3, 4, 5, 10 or 15).

In some embodiments, agent-specific summary statistics includestatistics related to the agent's history with the company. For example,the company-history statistics may include the agent's current orhistorical position or salary, the date that the agent started workingwith the company, the date that the agent started working at his currentposition, the date that the agent started working at his currentlocation, how long the agent has been working with or associated withthe company, how long the agent has been working at his currentposition, or how long the agent has been working with the company at hiscurrent location. In one embodiment, a start-date multiplier iscalculated based on how long the agent has been working with orassociated with the company. The start-date multiplier may be calculatedbased on an equation and/or a step function. For example, the start-datemultiplier may be equal to:

$\begin{matrix}{s = \left\{ \begin{matrix}{{1\mspace{14mu} {if}\mspace{14mu} \Delta \; t} > 420} \\{{{\left( {1 - {\Delta \; {t/420}}} \right) \cdot 0.2} + {1\mspace{14mu} {if}\mspace{14mu} \Delta \; t}} \leq 420}\end{matrix} \right.} & \left( {{Eqn}.\mspace{11mu} 1} \right)\end{matrix}$

where Δt is the duration (in days) since the time that the agent hasbeen working or associated with the company. Thus, if the agent juststarted with the company, Δt would be 0, and the start-date multiplierwould be 1.2. If the agent has been associated with the company for over420 days (˜14 months), the −multiplier would be 1. The start-datemultiplier could be multiplied with one or more other terms used in thefraud-risk index calculation.

The company-history statistics may also relate to previous incidencesthat the agent has had at the company. These incidences may include, forexample, being investigated for possible fraud, being identified as afraud risk, having the company determine the agent was or was likely tohave been involved in fraud, or being fined by the company. Thestatistics may relate to, for example, the number of such incidences ora severity of the incidences (e.g., related to the number oftransactions or the amounts involved in the transactions from previousfraud investigations).

In some embodiments, agent-specific summary statistics includecombinations of the above examples. For example, an agent-specificsummary statistic may indicate whether the percentage of compensatedcomplaints was higher for recently complaints than for older complaints,thus combining data analyzed for the transaction-time statistic and forthe compensated-complaint statistic.

Historical-Comparison Statistics

In some embodiments, agent-specific summary statistics includecomparisons of one or more of the above-described statistics (e.g., acomplaint-number statistic, a customer-complaint-number statistic, apaid-in-error-number statistic, a chargeback-count statistic, or atransaction-amount statistic) to one or more similar statistics from theagent's past. For example, in one embodiment, the agent-specific summarystatistics includes a number of statistics related to agent-associatedtransactions occurring over a prior month. Similar statistics could bepresented for previous time periods (e.g., from one, two, three and/orfour months before the past month, from last year, etc.). In someinstances, agent-specific summary statistics include historicalcomparison statistics, such as a ratio or a weighted ratio of astatistic characterizing “current” transactions (e.g., occurring overthe past month) to similar statistics derived from prior transactions.

For example, suppose that L₁-L₄ represents monthly values for onestatistic (e.g., a number of complaints associated with an agent filedwithin the month), with L₄ representing the statistic for previousmonth, L₃ representing the statistic for the month before the previousmonth, etc. The following equations represent possible agent-specificsummary statistics for this statistic:

$\begin{matrix}{L_{sum} = \frac{{w_{1} \cdot L_{3}} + {w_{2} \cdot L_{4}}}{{w_{1} \cdot L_{1}} + {w_{2} \cdot L_{2}}}} & {{Eqn}.\mspace{11mu} 2} \\{L_{sum} = \frac{{w_{1} \cdot L_{2}} + {w_{2} \cdot L_{3}} + {w_{3} \cdot L_{4}}}{{w_{1} \cdot L_{1}} + {w_{2} \cdot L_{2}} + {w_{3} \cdot L_{3}}}} & {{Eqn}.\mspace{11mu} 3} \\{L_{sum} = \frac{{w_{1} \cdot \frac{L_{2}}{L_{1}}} + {w_{2} \cdot \frac{L_{3}}{L_{2}}} + {w_{3} \cdot \frac{L_{4}}{L_{3}}}}{w_{1} + w_{2} + w_{3}}} & {{Eqn}.\mspace{11mu} 4}\end{matrix}$

where w₁, w₂ and w₃ represent weighting factors. For example, in oneinstance, w₁, w₂ and w₃ are all equal to 1. In one instance, w₁=1, w₂=2,and w₃=3. In one instance, w₁=1, w₂=2, and w₃=4. In some instances theweighting factors depend on other variables. For example, if Lrepresents a transaction-amount statistic, the weighting factors maydepend on the number of complaints received in the previous months.

These equations may be modified in circumstances, for example, for whichan agent has not been with a company for at least four months or when anagent did not partake in transactions for given months. For example, theequations below show possible modifications to Eqns. 2-4 for a situationin which an agent was not with the company for the month correspondingto L₁.

$\begin{matrix}{L_{sum} = \frac{{w_{1} \cdot L_{3}} + {w_{2} \cdot L_{4}}}{\left( {w_{1} + w_{2}} \right) \cdot L_{2}}} & {{Eqn}.\mspace{11mu} 5} \\{L_{sum} = \frac{\left( {{w_{1} \cdot L_{2}} + {w_{2} \cdot L_{3}} + {w_{3} \cdot L_{4}}} \right) \cdot \left( {w_{2} + w_{3}} \right)}{\left( {{w_{2} \cdot L_{2}} + {w_{3} \cdot L_{3}}} \right) \cdot \left( {w_{1} + w_{2} + w_{3}} \right)}} & {{Eqn}.\mspace{11mu} 6} \\{L_{sum} = \frac{{w_{2} \cdot \frac{L_{3}}{L_{2}}} + {w_{3} \cdot \frac{L_{4}}{L_{3}}}}{w_{2} + w_{3}}} & {{Eqn}.\mspace{11mu} 7}\end{matrix}$

As further examples, the following equations show possible modificationsto Eqns. 2-4 for a situation in which an agent was not with the companyfor the months corresponding to L₁ and L₂.

$\begin{matrix}{L_{sum} = \frac{{w_{1} \cdot L_{3}} + {w_{2} \cdot L_{4}}}{\left( {w_{1} + w_{2}} \right) \cdot L_{3}}} & {{Eqn}.\mspace{11mu} 8} \\{L_{sum} = \frac{\left( {{w_{2} \cdot L_{3}} + {w_{3} \cdot L_{4}}} \right) \cdot w_{3}}{w_{3} \cdot L_{3} \cdot \left( {w_{2} + w_{3}} \right)}} & {{Eqn}.\mspace{11mu} 9} \\{L_{sum} = \frac{L_{4}}{L_{3}}} & {{Eqn}.\mspace{11mu} 10}\end{matrix}$

In some instances, rather than modifying the equations when an agent wasnot with the company for past months, a baseline value could besubstituted for the missing statistic. The baseline value could bedetermined, for example, based on extrapolation of statistical values(e.g., from the specific agents or across a group of agents).

In some embodiments, agent-specific summary statistics includecomparisons of one or more of the above-described statistics to baselinefigures. The baseline figures may relate to, for example, similarstatistics from all agents or a subset of agents (e.g., representativesin a similar position and with similar experience to the agent). Forexample, for a single statistic, the baseline figure may be or mayrelate to an average, a weighted average, a median, a mode, a maximumthreshold (e.g., an average plus one, two or three standard deviations),or a standard deviation of the same statistic across all agents or thesubset of agents. In some instances, the baseline figures are onlyincluded when the agent is relatively new (e.g., having been with thecompany, at his current position or at his current location for lessthan one, two, three, six, or twelve months). In some instances,agent-specific summary statistics include baseline comparisonstatistics, such as a ratio or a weighted ratio of a statistic to asimilar baseline statistic (e.g., derived from statistics from otheragents).

In some instances, risk-fraud database 207 includes both complaintsummary statistics and agent-specific summary statistics. In someinstances, risk-fraud database 207 includes either complaint summarystatistics or agent-specific summary statistics. The other group ofstatistics may not be determined, may not be stored in a database, ormay be stored in a different database (e.g., a database not shown inFIG. 2). In some instances, risk-fraud database 207 includes complaintdata distinct from the complaint summary statistics (e.g., a writtencomplaint from a customer or a vocal recording from the customer).

As shown in FIGS. 4, 405, 410 and 415 may be repeated. For example, riskprocessor 206 may be configured to repeatedly receive transactioninformation. Thus, upon the arrival of new transaction information(e.g., due to a new transaction, customer complaint or suspicioustransaction), the received information may be associated with one ormore agents and stored in a database. In some instances, the processonly continues on to 420 when, for example, there is a specificinstruction to continue the process, when a certain time has beenreached (e.g., the start of a new month), or a specific type oftransaction information was received (e.g., a new customer complaint).

Retrieval from Database

At 420, data associated with an agent are retrieved from the database.In some embodiments, agent-specific summary statistics are retrieved. Insome embodiments, complaint summary statistics are retrieved. In someembodiments, complaint (non-summary) data are retrieved. The data may beretrieved from fraud-risk database 207 and/or from transaction database205. In one embodiment, complaint data and/or at least some complaintsummary statistics are retrieved from fraud-risk database 207 and datarelated to transactions associated with the complaints are retrievedfrom transaction database 205. The data may be retrieved by riskprocessor 206.

In one embodiment, complaint summary statistics are stored in fraud-riskdatabase 207. Risk processor 206 accesses the complaint summarystatistics and, in some instances, supplements the complaint summarystatistics with transaction information stored in transaction database205. Risk processor 206 processes the retrieved data and generatesagent-specific summary statistics, which may or may not be subsequentlystored in a database (e.g., fraud-risk database 207).

Determine Fraud-Risk Index

At 425, a fraud-risk index is determined (e.g., by risk processor 207).The fraud-risk index may at least partly depend on one or moreagent-specific summary statistics. The fraud-risk index may include, forexample, a weighted average of a set of agent-specific summarystatistics. In some instances, transaction information stored in adatabase is retrieved, agent-specific summary statistics are determined(which may or may not be subsequently stored in a database), and afraud-risk index is determined based on the agent-specific summarystatistics. In some instances, agent-specific summary statistics whichwere stored in a database are retrieved, and a fraud-risk index isdetermined based on the agent-specific summary statistics.

The fraud-risk index may relate to statistics related to a length oftime an agent has been with a company; a number of received complaints;amounts of transactions associated with received complaints; a number ofpaid-in-error errors; a number of chargebacks; amounts of transactionsassociated with complaints, paid-in-error errors, and chargebacks;amounts of total transactions; a number of incidences when an agent waspreviously identified as suspected as a fraud risk based on fraud-riskindices; a number of transaction look-ups; a number of payouts; asend-pay interval duration; a number of matched transactions and/or adistribution of digits in amounts of processed or paid transactions.

The fraud-risk index may comprise a number. A fraud-risk index may bedetermined in a manner (e.g., using a formula with normalization) suchthat the fraud-risk index is constrained within a set range (e.g.,between 0 and 1). In some instances, the fraud-risk index istheoretically unbounded in at least one direction (e.g., such that thereis no upper limit). The fraud-risk index may comprise an indicator, suchas a text indicator. For example, the fraud-risk index may be equal toone of the following values: No fraud risk, minimal fraud risk, averagefraud risk, above-average fraud risk, large fraud risk.

Eqn. 10 shows one example of a formula that may be used in thedetermination of a fraud-risk index:

FR=average(max(x ₁ ,x ₂),·(5·(x ₁ +x ₂)))·x ₃ +x ₄ ++x ₅ +x ₆ + . . . x₇+(·1·x ₈)+(3·x ₉)+(0.05·x ₁₀)+(3·x ₁₁)  (Eqn. 11)

where:

x₁ is a ratio of comparing recent customer-complaint-number statisticsto older similar statistics (see, e.g., Eqns. 2-10)

x₂ is a ratio of comparing recent transaction-amount statistics (e.g.,associated with complaints) to older similar statistics (see, e.g.,Eqns. 2-10)

x₃ is a start-date multiplier set to “1” if the agent has been with thecompany for more than a particular duration (e.g., 14 months), andotherwise is inversely proportional to the time that the agent has beenwith the company (see, e.g., Eqn. 1)

x₄ is a ratio of comparing recent paid-in-error-number statistics toolder similar statistics (see, e.g., Eqns. 2-10)

x₅ is a ratio of comparing recent chargeback-number statistics to oldersimilar statistics (see, e.g., Eqns. 2-10)

x₆ is a ratio comparing cumulative transaction amounts related tocustomer complaints, paid-in-error errors and chargebacks relative to atotal transaction amount processed (received from customers or paid tocustomers)

x₇ is a factor set equal to “1” if the agent was previously identifiedas a fraud risk and “0” otherwise

x₈ is a ratio comparing a number of transaction look-ups to a number oftransactions paid to customers

x₉ is a factor set to a percentage of transactions with a send-payinterval of less than 30 minutes, unless the value would be less than0.20, in which case it is set to “0”

x₁₀ is a number of first transactions, each matched to a secondtransaction, the second transaction occurring within 24 hours and beingsent by the recipient of the first transaction

x₁₁ is a factor set to a cumulative sum of pair-wise-differences betweenthe probability that the first digit in the amounts of processedtransactions was equal to any given digit and the expected probabilitybased on Benford's distribution, unless the value would be less than orequal to 20%, in which case it is set to “0”

As shown in FIG. 4, multiple fraud-risk indices may be determined. Forexample, a fraud-risk index may be determined for each of a set ofagents of interest (e.g., the set of agents including allrepresentatives, all representatives with at least one associatedcomplaint, or all representatives previously investigated for fraudulentactivity). For each agent, for example, a processor may repeat 420 and425, retrieving data associated with the agent of interest from thedatabase and determining a fraud-risk index.

Predict Engagement in Fraud

At 430, one or more agents are predicted (e.g., by risk processor 207)to have engaged in fraudulent activity. This prediction may depend onone or more determined fraud-risk indices. For example, the fraudprediction may occur when a fraud-risk index crosses a (e.g.,pre-determined) threshold (e.g., “1”). Fraud risk predictions may dependon a non-fraud-risk-index factors and/or a combination of factors. Forexample, in some instances, the fraud prediction depends on whether anagent's fraud-risk index had previously crossed the threshold (e.g.,such that a fraud prediction would predict fraud engagement for allagents who were “newly” identified to have a fraud-risk index crossing athreshold). As another example, a fraud-risk prediction may depend onwhether the total transaction amounts associated with complaints over atime interval exceeded a threshold (e.g., $25,000).

The prediction may depend on a distribution of fraud-risk indices. Forexample, a fraud prediction may occur when a fraud-risk index associatedwith an agent is among the highest indices (e.g., when the index is thehighest index; one of the five highest indices; one of the 10 highestindices; or among the top 1, 5, 10 or 20 percent of indices).

In some instances, fraud-risk indices are strictly analyzed, such thatthe only agents predicted to have engaged in fraudulent activity arethose with very suspicious (e.g., very high) indices. Thus, it may bevery likely that the agent was engaged in the fraudulent activity. Inother instances, fraud-risk indices are more leniently analyzed. In someof these instances, it may be more likely than not that agentsidentified by a risk method or system were actually not engaged infraudulent activity. Nevertheless, the lenient approach may bepreferable, for example, in situations where there are minimal or norepercussions directly imposed on agents identified in the prediction.For example, even though a system or method may predict that an agentwas involved in fraudulent activity, the prediction may merely be usedby a company to identify specific agents to further investigate indetail on a case-by-case basis.

Output Results

At 435, a fraud-risk index is output. In some instances, one or moreagent-specific statistics and/or some or all transaction data is output.For example, one or more statistics used to calculate a fraud-risk indexare output. In some instances, agents predicted to have been engaged infraudulent activity are output. As one example, a list of agents isoutput, and a fraud-risk index is also output for each of the agents.

In some embodiments, output results are transmitted over a network. Forexample, the results may be sent to an email address or acompany-internal webpage. In some embodiments, output results (e.g., thefraud-risk indices, statistics, data and/or identified agents) aredisplayed (e.g., on a display such as a computer screen that may be, forexample, coupled to risk processor 207). In some embodiments, outputresults are sent to a printer.

As shown in FIG. 4, various actions associated with process 400 may berepeated. For example, the process may be repeated at regular intervals(e.g., every month), or it may be triggered by specific events (e.g.,receiving a new complaint).

It will be understood that process 400 may be modified to exclude someidentified actions, to combine actions, to include additional actions,or to rearrange actions. For example, a fraud-risk index may be outputbefore one or more agents are predicted to have been engaged infraudulent activity. As another example, a modified process 400 may notinclude any prediction that one or more agents engaged in fraudulentactivity.

In some instances, multiple risk processors 206 are used. For example,one risk processor may process data (e.g., complaint data) to generatecomplaint summary statistics. One risk processor may process complaintsummary statistics to generate agent-specific statistics. One or morerisk processors may store and/or access data in one or more databases.One risk processor may determine a fraud-risk index based on accesseddata.

What is claimed is:
 1. A computer-implemented method comprising:retrieving, from a first database, a plurality of transaction dataassociated with a plurality of prior transactions, wherein each of theplurality of transaction data comprises first data indicating a firsttransfer agent and a second transfer agent who were responsible forfacilitating an incomplete transaction; receiving second data indicatinga customer associated with the incomplete transaction unsuccessfullyattempted to receive funds associated with the incomplete transaction;electronically storing the second data in a second database; retrievingthe first and second data from the second database; identifying, basedon the first, second data, a particular transfer agent; calculating afraud-risk index value for the particular transfer agent, wherein thefraud-risk index value for the particular transfer agent is calculatedbased on data retrieved from the second database; comparing thefraud-risk index value calculated for the particular transfer agent to apredetermined fraud-risk index threshold; and in response to determiningthat the fraud-risk index value calculated for the particular transferagent exceeds the predetermined fraud-risk index threshold, outputtingan indication of the particular transfer agent.
 2. The method of claim1, wherein the fraud-risk index value for the particular transfer agentis calculated based previously calculated fraud-risk index values thatexceeded a previous threshold.
 3. The method of claim 1, wherein thefraud-risk index value for the particular transfer agent is calculatedbased on a length of time that the particular transfer agent has beenassociated with a company.
 4. The method of claim 1, wherein the seconddata includes a written complaint from the customer associated with theincomplete transaction.
 5. The method of claim 1, wherein the seconddata includes an audio recording from the customer associated with theincomplete transaction.
 6. The method of claim 1, further comprisingdetermining the predetermined fraud-risk index threshold based at leastin part on fraud-index value associated with a plurality of transferagents, wherein the first transfer agent and the second transfer agentare part of the plurality of transfer agents. wherein the predeterminedfraud-risk index threshold is determined fraud-risk index value for theparticular transfer agent is calculated based the fraud-risk index valuefor other transfer agents.
 7. The method of claim 6, wherein thepredetermined fraud-risk index threshold is determined on an averagefraud-index value of the plurality of transfer agents.
 8. Anon-transitory computer-readable storage medium having stored thereoninstructions, the instructions comprising: retrieving, from a firstdatabase, a plurality of transaction data associated with a plurality ofprior transactions, wherein each of the plurality of transaction datacomprises first data indicating a first transfer agent and a secondtransfer agent who were responsible for facilitating an incompletetransaction; receiving second data indicating a customer associated withthe incomplete transaction unsuccessfully attempted to receive fundsassociated with the incomplete transaction; electronically storing thesecond data in a second database; retrieving the first and second datafrom the second database; identifying, based on the first, second data,a particular transfer agent; calculating a fraud-risk index value forthe particular transfer agent, wherein the fraud-risk index value forthe particular transfer agent is calculated based on data retrieved fromthe second database; comparing the fraud-risk index value calculated forthe particular transfer agent to a predetermined fraud-risk indexthreshold; and in response to determining that the fraud-risk indexvalue calculated for the particular transfer agent exceeds thepredetermined fraud-risk index threshold, outputting an indication ofthe particular transfer agent.
 9. The non-transitory computer-readablestorage medium of claim 8, wherein the fraud-risk index value for theparticular transfer agent is calculated based previously calculatedfraud-risk index values that exceeded a previous threshold.
 10. Thenon-transitory computer-readable storage medium of claim 8, wherein thefraud-risk index value for the particular transfer agent is calculatedbased on a length of time that the particular transfer agent has beenassociated with a company.
 11. The non-transitory computer-readablestorage medium of claim 8, wherein the second data includes a writtencomplaint from the customer associated with the incomplete transaction.12. The non-transitory computer-readable storage medium of claim 8,wherein the second data includes an audio recording from the customerassociated with the incomplete transaction.
 13. The non-transitorycomputer-readable storage medium of claim 8, the instructions furthercomprising determining the predetermined fraud-risk index thresholdbased at least in part on fraud-index value associated with a pluralityof transfer agents, wherein the first transfer agent and the secondtransfer agent are part of the plurality of transfer agents. wherein thepredetermined fraud-risk index threshold is determined fraud-risk indexvalue for the particular transfer agent is calculated based thefraud-risk index value for other transfer agents.
 14. The non-transitorycomputer-readable storage medium of claim 13, wherein the predeterminedfraud-risk index threshold is determined on an average fraud-index valueof the plurality of transfer agents.
 15. A system comprising: one ormore processors; and a memory coupled with the one or more processors,the memory configured to store instructions that when executed by theone or more processors cause the one or more processors to: retrieve,from a first database, a plurality of transaction data associated with aplurality of prior transactions, wherein each of the plurality oftransaction data comprises first data indicating a first transfer agentand a second transfer agent who were responsible for facilitating anincomplete transaction; receive second data indicating a customerassociated with the incomplete transaction unsuccessfully attempted toreceive funds associated with the incomplete transaction; electronicallystore the second data in a second database; retrieve the first andsecond data from the second database; identify, based on the first,second data, a particular transfer agent; calculate a fraud-risk indexvalue for the particular transfer agent, wherein the fraud-risk indexvalue for the particular transfer agent is calculated based on dataretrieved from the second database; compare the fraud-risk index valuecalculated for the particular transfer agent to a predeterminedfraud-risk index threshold; and in response to determining that thefraud-risk index value calculated for the particular transfer agentexceeds the predetermined fraud-risk index threshold, output anindication of the particular transfer agent.
 16. The system of claim 15,wherein the fraud-risk index value for the particular transfer agent iscalculated based previously calculated fraud-risk index values thatexceeded a previous threshold.
 17. The system of claim 15, wherein thefraud-risk index value for the particular transfer agent is calculatedbased on a length of time that the particular transfer agent has beenassociated with a company.
 18. The system of claim 15, wherein thesecond data includes a written complaint from the customer associatedwith the incomplete transaction.
 19. The system of claim 15, wherein thesecond data includes an audio recording from the customer associatedwith the incomplete transaction.
 20. The system of claim 15, wherein theinstructions that when executed by the one or more processors furthercause the one or more processors to determine the predeterminedfraud-risk index threshold based at least in part on fraud-index valueassociated with a plurality of transfer agents, wherein the firsttransfer agent and the second transfer agent are part of the pluralityof transfer agents. wherein the predetermined fraud-risk index thresholdis determined fraud-risk index value for the particular transfer agentis calculated based the fraud-risk index value for other transferagents.